This is a topic that cannot be answered in general terms, as it has many dependencies. It depends on the size of the company, the purpose, the number of employees and the technology used.
Basically, you can say that deactivating Wi-Fi (or disconnecting the network so that Wi-Fi can only be used for surfing and has no access to internal systems) is a proven standard method for securing the internal network.
Otherwise, it also belongs in this category:
- Use a firewall (no, OpenWrt is usually not enough here)
- Network segmentation (not all devices are allowed to access everything)
- Antivirus solutions
- Install updates as quickly as possible
- Use secure passwords
- 2-factor authentication wherever possible
- Restrict user rights as far as possible
- Regular audits
- Document all systems
- Scan for vulnerabilities
- Monitoring (of both devices and security events)
- Look for a professional IT service provider, as they can usually provide entirely different resources.
I do all this professionally, but there’s a reason why my company usually charge 1000 EUR for an initial consultation for micro-enterprises…